Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/JfS0hqQ95p7fELV58H3e75LRK78.roa
File:                     JfS0hqQ95p7fELV58H3e75LRK78.roa (raw, json)
Hash identifier:          JoOQWrhx92IYoh9YHEJ4KEyoZ6vG9vQIJ+MnQ0fkZxY=
Subject key identifier:   25:F4:B4:86:A4:3D:E6:9E:DF:10:B5:79:F0:7D:DE:EF:92:D1:2B:BF
Certificate issuer:       /CN=761acfd649c8eead8551942781fa16f68dbd10f3
Certificate serial:       018CC72767ABF571E2E48EE2760B091ADFC3
Authority key identifier: 76:1A:CF:D6:49:C8:EE:AD:85:51:94:27:81:FA:16:F6:8D:BD:10:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/JfS0hqQ95p7fELV58H3e75LRK78.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41836
IP address blocks:        91.224.72.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:67:ab:f5:71:e2:e4:8e:e2:76:0b:09:1a:df:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761acfd649c8eead8551942781fa16f68dbd10f3
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25f4b486a43de69edf10b579f07ddeef92d12bbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:72:8c:cb:22:00:a8:c4:98:9b:14:20:57:8b:
                    d7:6b:2e:ae:fd:91:20:f8:80:a9:7e:88:2b:b2:1f:
                    be:8b:9e:2b:7d:bb:8a:45:f4:99:77:7f:b5:41:86:
                    23:43:8b:3f:f4:db:fd:a7:61:e1:14:f0:00:68:ec:
                    3c:53:be:20:66:6b:16:9b:dd:7b:42:66:8a:e5:9d:
                    27:fb:33:47:89:23:0a:a9:da:b6:cc:37:f9:dd:f9:
                    4a:33:4e:f2:74:f4:69:43:ff:8f:bd:58:aa:0b:61:
                    72:d5:1b:d7:dd:33:b2:1e:b0:36:08:93:df:b2:c0:
                    fc:3e:a7:b0:52:3f:21:e7:f4:6f:6b:be:fb:e6:ba:
                    2e:81:10:ec:3c:5b:b9:fa:f1:15:da:34:df:eb:53:
                    8e:73:ef:8b:a4:e0:6b:9c:75:02:28:72:d8:ba:4e:
                    51:7b:6b:08:c1:11:b1:67:fb:9f:06:c1:8c:e8:ba:
                    eb:13:63:7b:3c:7c:c7:06:61:4b:81:a6:3d:32:70:
                    30:6d:5b:db:32:e5:0d:78:1e:aa:6c:3f:5c:bc:a2:
                    b2:eb:dc:85:06:0d:74:54:32:3f:7f:60:15:cd:c3:
                    94:61:f8:5d:bc:3c:b6:78:a0:87:1f:ce:75:2d:94:
                    4a:b0:db:2d:b5:66:0e:10:04:0d:25:9d:11:57:6c:
                    34:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F4:B4:86:A4:3D:E6:9E:DF:10:B5:79:F0:7D:DE:EF:92:D1:2B:BF
            X509v3 Authority Key Identifier:
                keyid:76:1A:CF:D6:49:C8:EE:AD:85:51:94:27:81:FA:16:F6:8D:BD:10:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/JfS0hqQ95p7fELV58H3e75LRK78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:ce:4c:85:35:a8:66:a9:bf:72:b2:8e:f2:5e:70:10:8f:ca:
         a6:4f:9d:7a:45:00:5e:e9:e8:e2:c1:74:1c:01:39:30:0f:fc:
         eb:55:db:74:10:5b:06:09:0d:f8:0e:a8:f5:b0:82:4a:ef:61:
         ed:4f:0d:06:be:df:3a:ce:20:ae:47:2d:0f:1a:5e:46:64:0b:
         ef:5f:dc:60:04:e0:de:03:8a:21:99:97:39:49:07:85:9b:a1:
         57:cf:01:0b:38:3a:7b:59:70:08:28:2a:ef:d1:b6:a9:2b:01:
         b7:c0:b7:f6:69:dd:32:98:d7:ac:24:d6:61:bf:fe:90:f5:dd:
         65:84:54:7e:54:b6:b5:9f:85:19:f8:2a:91:74:60:76:73:2e:
         e7:70:e2:30:01:35:fe:00:5a:ce:3d:9a:38:b2:bb:0e:e1:80:
         dd:27:47:27:cb:fa:b7:d7:33:4b:15:d8:09:e8:12:1c:23:0f:
         60:a4:d7:20:7b:b3:7b:e7:63:67:11:71:e4:f1:30:b0:4e:8d:
         93:28:5b:84:98:2a:93:24:2d:48:91:8f:39:81:a9:28:70:f7:
         c7:99:32:04:2e:7a:7d:bc:93:f6:57:de:8d:04:25:11:ae:d4:
         9a:fe:20:32:e1:4a:3c:4a:d1:4c:21:b4:36:6f:13:9c:d4:0a:
         8b:b0:37:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2er9XHi5I7idgsJGt/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MWFjZmQ2NDljOGVlYWQ4NTUxOTQyNzgxZmExNmY2OGRi
ZDEwZjMwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY0YjQ4NmE0M2RlNjllZGYxMGI1NzlmMDdkZGVlZjkyZDEyYmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnKMyyIAqMSYmxQgV4vXay6u/ZEg
+ICpfogrsh++i54rfbuKRfSZd3+1QYYjQ4s/9Nv9p2HhFPAAaOw8U74gZmsWm917
QmaK5Z0n+zNHiSMKqdq2zDf53flKM07ydPRpQ/+PvViqC2Fy1RvX3TOyHrA2CJPf
ssD8PqewUj8h5/Rva7775rougRDsPFu5+vEV2jTf61OOc++LpOBrnHUCKHLYuk5R
e2sIwRGxZ/ufBsGM6LrrE2N7PHzHBmFLgaY9MnAwbVvbMuUNeB6qbD9cvKKy69yF
Bg10VDI/f2AVzcOUYfhdvDy2eKCHH851LZRKsNsttWYOEAQNJZ0RV2w0JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX0tIakPeae3xC1efB93u+S0Su/MB8GA1UdIwQY
MBaAFHYaz9ZJyO6thVGUJ4H6FvaNvRDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGhyUDFrbkk3cTJGVVpRbmdmb1c5bzI5RVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC82ZjkyODMtYjRkNC00NGNkLWE2OWIt
YzczMjAxZGY5OTk1LzEvSmZTMGhxUTk1cDdmRUxWNThIM2U3NUxSSzc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC82ZjkyODMtYjRkNC00NGNkLWE2OWItYzczMjAxZGY5OTk1
LzEvZGhyUDFrbkk3cTJGVVpRbmdmb1c5bzI5RVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+BIMA0G
CSqGSIb3DQEBCwUAA4IBAQCIzkyFNahmqb9yso7yXnAQj8qmT516RQBe6ejiwXQc
ATkwD/zrVdt0EFsGCQ34Dqj1sIJK72HtTw0Gvt86ziCuRy0PGl5GZAvvX9xgBODe
A4ohmZc5SQeFm6FXzwELODp7WXAIKCrv0bapKwG3wLf2ad0ymNesJNZhv/6Q9d1l
hFR+VLa1n4UZ+CqRdGB2cy7ncOIwATX+AFrOPZo4srsO4YDdJ0cny/q31zNLFdgJ
6BIcIw9gpNcge7N752NnEXHk8TCwTo2TKFuEmCqTJC1IkY85gakocPfHmTIELnp9
vJP2V96NBCURrtSa/iAy4Uo8StFMIbQ2bxOc1AqLsDf0
-----END CERTIFICATE-----